This article is more than 1 year old
Senate bill aims to stop Uncle Sam using facial recognition at airports
Legislation would eliminate TSA permission to use the tech, require database purge in 90 days
The US Transportation Security Administration's plans to expand its use of facial recognition tech, already in use at several American airports, may be over before it begins if a newly introduced Senate bill becomes law.
The bipartisan Traveler Privacy Protection Act [PDF], SB 3361, was introduced this week by Senators Jeff Merkley (D-OR) and John Kennedy (R-LA), and would stop the TSA's use of facial biometrics dead in its tracks. The bill would ban the planned expansion of the tech and repeal the TSA's existing facial recognition authorization, as well as requiring "explicit congressional authorization" for any future trials. If passed, the bill would give the TSA just 90 days to end its use of the tech and purge all facial biometric data it has in its servers.
"Every day, TSA scans thousands of Americans' faces without their permission and without making it clear that travelers can opt out of the invasive screening," said Senator Kennedy. "The Traveler Privacy Protection Act would protect every American from Big Brother's intrusion by ending the facial recognition program."
The TSA, which declined to comment on pending legislation, has been testing the tech in nearly 30 airports across the US. The agency told The Register over the summer that it wanted to expand it to 430 of America's airports over the next decade.
The system in use at TSA-run security checkpoints is known as Credential Authentication Technology 2 (CAT-2) and comes from French biometric firm Idemia. Idemia's full suite of biometric technology was recently rolled out by Interpol, which used it to make its first biometric-based arrest of a suspected smuggler who presented false papers at a police checkpoint in Bosnia and Herzegovina. Interpol's "Biometric Hub" incorporates its existing fingerprint and facial recognition databases with other Idemia tech.
The TSA's use of CAT-2 involves scanning a passenger's face and comparing it to a scanned ID card or passport. The system can detect fake IDs "very quickly," a TSA official told us in July, and is also able to verify the person is on any additional screening lists and is actually scheduled to travel in the next 24 hours.
Facial recognition technology has been roundly criticized by privacy rights groups and has been found on multiple occasions to have biases against certain racial groups, as well as being relatively easy to trick. Arguments like these have been made by groups like the American Civil Liberties Union (ACLU), Public Citizen, and the Electronic Privacy Information Center (EPIC), among others.
"Facial recognition and facial matching technology poses unnecessary and unacceptable risks for civil rights and civil liberties," ACLU senior policy counsel Cody Venzke said. "In many situations, it has been demonstrated to be less accurate for people of color and women, and it threatens to enable mass tracking and incursions into our privacy."
- Get a $25 gift card if you help the US check whether these facial logins really work
- Cops cuff pregnant woman for carjacking after facial recog gets it wrong, again
- NYPD blues: Cops ignored 93 percent of surveillance law rules
- Clearview AI fined millions in the UK: No 'lawful reason' to collect Brits' images
EPIC has also come out in support of the proposed Senate bill, which Jeramie Scott, its senior counsel and director of EPIC's Project on Surveillance Oversight, previously described as an "invasive and dangerous surveillance technology."
"EPIC applauds the introduction of the Traveler Privacy Protection Act and its prohibition on TSA's use of facial recognition technology," Scott said. "The TSA should not be allowed to unilaterally subject millions of travelers to this dangerous technology."
Not everyone thinks the act is advisable, though. University of Illinois at Urbana-Champaign computer science professor and aviation security expert Sheldon Jacobson described the senators behind the proposal as well-intentioned, "albeit ill-qualified and ill-informed" to make such a call.
"Cries of privacy being violated with facial recognition are simply overstated," Jacobson argued, adding that the TSA has no nefarious intent with its collection of data. "Facial recognition has nothing to do with the government intruding on people's personal privacy. It has to do with validating that the person presenting themselves to travel is indeed who they claim to be."
"The Traveler Privacy Protection Act [would] ratchet airport security backward, not forward," Jacobson said. Organizational intention, we note, doesn't necessarily reflect the on-the-ground reality of how the tech is used – or misused.
The bill, co-sponsored by Senators Edward J Markey (D-MA), Roger Marshall (R-KS), Bernie Sanders (I-VT), and Elizabeth Warren (D-MA), will still have to pass muster in the Senate Commerce committee before becoming a wider vote. ®